Expert: Cell phone virus threat is overblown

Instances of infected smart phones are almost nonexistent, according to a cell phone support exec.

Will Sturgeon Special to CNET News.com
3 min read
A company that handles support for major mobile operators has hit back at Symantec research that suggested people are wising up to a growing threat of cell phone viruses.

WDSGlobal said that the threat is being blown well out of proportion and the latest figures reveal a gulf between "perception and reality."

In its research, published at the end of April, Symantec claimed 73 percent of smart phone users are aware of viruses and attacks aimed at their handsets. While that may be encouraging in a "better safe than sorry" way, Doug Overton, head of communications for WDSGlobal, believes people shouldn't lose sight of the fact that such problems are few and far between.

WDSGlobal handles data support calls for Hewlett-Packard, Nokia, Orange, Sony Ericsson and T-Mobile. Overton said that in the last quarter, it received just 10 end-user enquiries about smart phone viruses out of the 275,000 calls it fielded--equating to 0.0036 percent of all calls.

Overton said he believes awareness of potential threats is not a bad thing, "but what isn't acceptable is scaremongering and hype."

"If you look at the viruses out there, currently there are about 14 core viruses, the majority of which are fairly benign. They are mostly developed as 'proof of concept' to warn manufacturers of handsets and operating systems or the antivirus industry about potential vulnerabilities," he said.

In fact, cell phone viruses are so infrequent that when the BBC wanted to film one executing, it took Overton and his colleagues three days of searching the Internet just to find the code for one such virus.

"There are a few nasties out there which will do some damage, such as Skulls, which will destroy your phone," Overton said, referring to the Trojan horse that has been detected on some Symbian-based phones. He added that any real instances of infection are almost, if not entirely, nonexistent.

"These things will only infect complex operating systems, so already we're talking about only 4 percent of handsets," he said. "And unlike PC viruses, there is no back door. If a virus tries to launch on somebody's phone, they are going to get a warning that something is trying to do something to their handset."

Overton added that many proof-of-concept viruses require Bluetooth wireless to spread, which means their propagation is severely restricted.

However, as with PC viruses, he said, mobile phone viruses may well evolve and one day become an issue for more serious concern.

Security expert Bruce Schneier, chief technology officer at Counterpane Internet Security, believes mobile viruses and attacks shouldn't be discounted altogether, though he believes they aren't currently registering on any significant scale.

"We'll probably see more when mobiles are being used for finances," he said, suggesting attacks targeting micropayments could be a popular goal for virus writers, though they are probably still some way off. This echoed a comment from Matt Ekram, mobile security product manager at Symantec, who told CNET News.com: "We were surprised by the sheer number of people already doing transactions, disclosing confidential information or using online banking, and you can guess that is where the future attacks will be aimed."

Overton doesn't believe security fears will hamper the sales of smart phones. "I'd be very surprised if somebody downgraded their choice of phone based on virus and security fears," he said

Will Sturgeon of Silicon.com reported from London.